Use-after-free in imgLoader while resizing images
- April 29, 2014
- Firefox, Firefox ESR, SeaMonkey, Thunderbird
- Fixed in
- Firefox 29
- Firefox ESR 24.5
- SeaMonkey 2.26
- Thunderbird 24.5
Security researcher Nils discovered a use-after-free error
in which the
imgLoader object is freed while an image is being
resized. This results in a potentially exploitable crash.
In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts.